WakaTime - HackerOne Reports
Total Reports: 64 | Critical: 0 | High: 3 | Medium: 9 | Low: 24
No rate limit on creating private leaderboards. | Reported by: 0xelement | Disclosed:

HTML - injection | Reported by: b6bfe1fb5d9fa76d75aeb40 | Disclosed:

Blocking users to sign up on the site | Reported by: saikiran-10097 | Disclosed: | Weakness: Violation of Secure Design Principles

Session not expired on logout | Reported by: ronygigi | Disclosed: | Weakness: Improper Authentication - Generic

Missing filteration of meta characters in all full name field on wakatime.com | Reported by: silv3rpoision | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles

No rate limiting for confirmation email, can spam anyone with confirmation emails | Reported by: pratyushjanghel | Disclosed: | Weakness: Violation of Secure Design Principles

Lack of Password Confirmation When Changing Email | Reported by: pratyushjanghel | Disclosed: | Weakness: Violation of Secure Design Principles

Bypassing Access control, changing owner's name in a private leaderboard | Reported by: tikoo_sahil | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Two email addresses can access the same account | Reported by: streaak | Disclosed: | Weakness: Violation of Secure Design Principles

Sensitive Cookie Without 'HttpOnly' Flag | Reported by: jatanvora | Disclosed:

JSON CSRF on POST Heartbeats API | Reported by: sp1d3rs | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)

Double Clickjacking Attack on WakaTime OAuth Authorization Flow at https://wakatime.com/oauth/authorize | Reported by: zeesozee | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles

Session Duplication due to Broken Access Control | Reported by: anurag98 | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic

Validation of Password reset tokens | Reported by: saikiran-10097 | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles

User Email Disclosure via ID-Based Invitation | Reported by: m_kamal | Disclosed: | Severity: Medium | Weakness: Information Disclosure

IDOR to view order information of users and personal information | Reported by: hasn0x | Disclosed: | Weakness: Insecure Direct Object Reference (IDOR)

Login Information and Credentials Have Been Leaked on wakatime.com | Reported by: parthabishwas | Disclosed: | Weakness: Information Disclosure

Broken Access Control Exposes Email Verification Status and Privacy Settings via API Endpoint | Reported by: ctrl_cipher | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic

by pass rate limit exceed | Reported by: abhiram | Disclosed: | Weakness: Improper Access Control - Generic

Missing Account Deletion Notification | Reported by: pavanw3b | Disclosed:
Page 1 of 4